David - USER? hmm - sounds like a 'dialog trapping routine' is needed, but still should parse for the 'drop tablename go' sequencing. what was the point again??? hmmmm I've got a backend database - I've got a front end client program - I'm NOT using the internet to connect one with the other - and I'm a slinging SPT back. where was that malicious stuff again?
I wonder if one stuck to the odbc pile from MDAC 2.5/6/7 to hit a sql back end - if there would be NO issues whatsoever?? ahhhhhhhhh... if security packs are applied on the workstation this behavior occurs ... hmmmmm this suggests it doesn't matter what the 'version' of mdac is.
Alan - what db are u using again?? straight VFP? no back end??? hmmmm curiouser and curiouser, said Alice ...

--
William Sanders / Electronic Filing Group
Remove the DOT BOB to reply via email.
FREE LONG DISTANCE -> mailto:excel-info AT efgroup D.O.T net
Free Satellite Receivers and installation -> http://www.vmcsatellite.com/?aid=58456
mySql / VFP / MS-SQL

----- Original Message -----
From: "Crooks, David L." <croodl@ispec.com>
To: <profox AT leafe D.O.T com>
Sent: Friday, October 31, 2003 2:25 PM
Subject: RE: [NF] Gates: You don't need perfect code for security
> Maybe, but how would a user really know if the Select statement is valid or
> not?
>
> -----Original Message-----
> From: Greg Gum [mailto:ProFox@Avasoft.com]
> Sent: Friday, October 31, 2003 2:31 PM
> To: profoxtech AT leafe D.O.T com
> Subject: RE: [NF] Gates: You don't need perfect code for security
>
> What if it was an unexpected SQL statement, i.e. came from a virus or
> something? This would at least give you a clue something is going on.
>
> Greg
>
> -----Original Message-----
> From: profoxtech-bounces@leafe.com [mailto:profoxtech-bounces AT leafe D.O.T com] On
> Behalf Of allan lindgren
> Sent: Friday, October 31, 2003 12:54 PM
> To: profoxtech@leafe.com
>
> Speaking of security, I just had to do a work around for this. We are
> testing our direct marketing module in Office 2003 (word 11). When the
> user previews or prints a merged document, there is a new warning screen
> that states "Opening this document will run the following SQL command:
> SELECT * FROM C-3000G6YD Data from your database will be placed in the
> document. Do you wish to continue? " MS states that this is part of
> their new commitment to security. The dialog has a yes and no button. If
> you push the YES button, you get the mail merge document with data. If
> you push the NO button you get the mail merge document with data.
> Question; How is this secure? ;-)
> We are turning this off for our customers in the registry.
>
> Allan Lindgren
> mailto:allan_lindgren AT starkey D.O.T com
>
>
> > -----Original Message-----
> > [mailto:profox-bounces@leafe.com] On Behalf Of James Roark
> >
> > Subject: [NF] Gates: You don't need perfect code for security
> >
> >
> > [excessive quoting removed by server]
©2003 William Sanders